- Reading privileged memory with a side-channel: the original source of the investigation, followed up with discussion
- Spectre and Meltdown: Vulnerabilities Status Page
- MeltDown
- Spectre
- Actions Required to Mitigate Speculative Side-Channel Attack Techniques: from the Chromium Projects
- Intel Issues Updates to Protect Systems from Security Exploits
- More details about mitigations for the CPU Speculative Execution issue
- Mitigations landing for new class of timing attack
- Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism: (arm.com)
- Intel Responds to Security Research Findings: (intel.com)
- Linux page table isolation is not needed on AMD processors: (lkml.org)
- LLVM patch to fix half of Spectre attack (llvm.org)
- Spectre example code: with many people proving it out
- Michael Schwarz: list of attack publications
- CPU hardware vulnerable to side-channel attacks: (cert.org)
- Retpoline: a software construct for preventing branch-target-injection
- raphaelsc/Am-I-affected-by-Meltdown: Proof-of-concept / Exploit / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN
- Detecting Spectre And Meltdown Using Hardware Performance Counters
- Testing Intel Core Processor Platforms and a Variety of Workloads: Intel Blog Initial Performance Data Results for Client Systems
Debian has a [DSA 4078-1] linux security update:
This specific attack has been named Meltdown and is addressed in the Linux kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table Isolation, enforcing a near complete separation of the kernel and userspace address maps and preventing the attack. This solution might have a performance impact, and can be disabled at boot time by passing `pti=off' to the kernel command line.
2018/01/16: Meltdown/Spectre mitigation for 4.15 and beyond (LWN)
2018/01/21
- Loose threads about Spectre mitigation from Steinar H. Gunderson
- SMEP emulation in PTI
2018/01/23:
- Hacker News references lkml #1 and lkml #2.
- Do not enable KPTI for fixed Intel processors references [PATCH v2 0/5] Basic Speculation Control feature support
2019/07/24
2019/12/23 - Linux kernel gets another option to disable Spectre mitigations
2020/04/17 - phoronix - kernel command line option: "mitigations=off"